PC virus removal, computer speed-up, remote help via the neslape.cz service

Totally junked-up PC - sending nasties into the network

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote-help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
funkymusic
Exemplary visitor
Posts: 402
Registered: 07 Dec 2004 15:16

#1 Post by funkymusic »

Hello,
I have a real pigsty of a machine here that I'd like help with - clogged with junk, slowed down, and the provider says it's even sending some rubbish into the network. Please help me clean it up.

RSIT log here:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Eliška at 2018-03-25 18:40:35
Microsoft Windows 10 Home
System drive C: has 674 GB (72%) free of 936 GB
Total RAM: 3987 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:40:46, on 25. 3. 2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0015)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Eliška\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Eliška\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Eliška\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Users\Eliška\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Users\Eliška\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Eliška\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Eliška\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files\trend micro\Eliška.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=12454
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [BacKGround Agent] C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
O4 - HKLM\..\Run: [mncvpbcqSrv] C:\Windows\inf\mncvpbcq.vbe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [HP Photosmart Plus B210 series (NET)] "C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1693N5ZP05J9:NW" -scfn "HP Photosmart Plus B210 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Eliška\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Eliška\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Eliška\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Spotify] C:\Users\Eliška\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\Eliška\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Sledovat výstrahy inkoustu - .lnk = ?
O4 - Startup: Sledovat výstrahy inkoustu - HP Photosmart Plus B210 series (Síť).lnk = ?
O4 - Startup: Sledovat výstrahy inkoustu - HP2459C7 (HP Photosmart Plus B210 series).lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @oem62.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\WINDOWS\system32\BtwRSupportService.exe (file missing)
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Technology Access Software Asset Manager (Intel(R) TA SAM) - Intel Corporation - C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe
O23 - Service: Intel(R) Technology Access Legacy CS Loader (Intel(R) TechnologyAccessLegacyCSLoader) - Intel(R) Corporation - C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
O23 - Service: Intel(R) Technology Access Service (Intel(R) TechnologyAccessService) - Intel(R) Corporation - C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: O2 Internet. OUC (O2 Internet. RunOuc) - Unknown owner - C:\Program Files (x86)\O2 Internet\UpdateDog\ouc.exe
O23 - Service: Quick Access Service (QASvc) - Acer Incorporate - C:\Program Files\Acer\Acer Quick Access\QASvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 12429 bytes

======Listing Processes======







C:\WINDOWS\system32\lsass.exe
c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
"fontdrvhost.exe"
C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservice -p -s nsi
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k netsvcs -p -s SENS

c:\windows\system32\svchost.exe -k localservice -p -s netprofm
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\WINDOWS\system32\WLANExt.exe 2444671561328
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork -p
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
"C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
C:\WINDOWS\System32\svchost.exe -k utcsvc -p
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe"
"C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe"
c:\windows\system32\svchost.exe -k lpdservice -s LPDSVC
"C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks

c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
dashost.exe {bc4d7c25-0149-4bd5-b7f77c6dfaaac698}
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
"C:\ProgramData\O2 Internet\OnlineUpdate\ouc.exe" "C:/Program Files (x86)/O2 Internet/UpdateDog/"
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -p -s PolicyAgent
"C:\Program Files (x86)\Acer\AOP Framework\acer\\ccd.exe" "C:\Users\Eliška\AppData\Local\AOP SDK\acer infra\acer\SyncAgent" S-1-5-21-2733569308-1764321115-1979760206-1001 676 536 "C:\ProgramData\acer\CCD"
\??\C:\WINDOWS\system32\conhost.exe 0x4

c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
"C:\Program Files\Acer\Acer Quick Access\QASvc.exe"
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe"
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
"C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe"
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s QWAVE
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DsSvc
C:\WINDOWS\system32\svchost.exe -k LocalService -p -s SEMgrSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
"fontdrvhost.exe"
"dwm.exe"
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
C:\WINDOWS\Explorer.EXE
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
igfxEM.exe
igfxHK.exe
igfxTray.exe
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"ctfmon.exe"
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1693N5ZP05J9:NW" -scfn "HP Photosmart Plus B210 series (NET)" -AutoStart 1
"C:\Users\Eliška\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Users\Eliška\AppData\Roaming\Spotify\Spotify.exe" --autostart --minimized
"C:\Users\Eliška\AppData\Roaming\Spotify\SpotifyWebHelper.exe" --autostart
"C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
szndesktop.exe default start
"C:\Users\Eliška\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files\Acer\Acer Quick Access\QAMsg.exe"
C:\Users\Eliška\AppData\Roaming\Spotify\Spotify.exe --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Eliška\AppData\Local\Spotify\User Data\Crashpad" "--metrics-dir=C:\Users\Eliška\AppData\Local\Spotify\User Data" --url=https://crashdump.spotify.com:443 --annotation=platform=win32 --annotation=product=spotify --annotation=version=1.0.75.483 --initial-client-data=0x5b0,0x5b8,0x5c8,0x5c4,0x5cc,0x6dd0edf0,0x6dd0ee00,0x6dd0ee0c
"C:\Users\Eliška\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --disable-d3d11 --lang=en-US --log-file="C:\Users\Eliška\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.75.483 --gpu-preferences=GAAAAAAAAAAABwAAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x0000 --gpu-device-id=0x0000 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Eliška\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.75.483 --service-request-channel-token=E4ABC52C04A3BB8F9CE16E10EC89D03B --mojo-platform-channel-handle=2032 --ignored=" --type=renderer " /prefetch:2
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Users\Eliška\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --disable-browser-side-navigation --disable-pinch --service-pipe-token=45A9145853431C3ADE56C9C2FC5BA929 --lang=en-US --lang=en-US --log-file="C:\Users\Eliška\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.75.483 --disable-spell-checking --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=45A9145853431C3ADE56C9C2FC5BA929 --renderer-client-id=3 --mojo-platform-channel-handle=3080 /prefetch:1
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1811.248.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s wlidsvc
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"

"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" XGpuTrayIcon"
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-516f7def-cfc1-4f7b-b3df-c7353b89a20a -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-cba58cf7-9f14-4aea-95db-9db861e0410a -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-6edfa009-baa5-4230-94ba-844670ddcc1a -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-ea0ea7ae-f752-462d-a232-d938072a7e78 -LifetimeId:fcdbe067-8ad1-4128-8641-723bf83a05db -DeviceGroupId:WpdFsGroup
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s wcncsvc
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\System32\svchost.exe -k swprv
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:18
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\WINDOWS\System32\svchost.exe -k netsvcs -p -s Browser

C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:19
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\AUDIODG.EXE 0x58c
C:\WINDOWS\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
"C:\Users\Eliška\Desktop\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\kjy1vwyw.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 29.0.0.113 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\Program Files (x86)\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 29.0.0.113 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\Program Files\MICROS~1\Office14\NPAUTHZ.DLL


C:\Users\Eliška\AppData\Roaming\Mozilla\Firefox\Profiles\kjy1vwyw.default\extensions\
sko-extension@firma.seznam.cz

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25 1253144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25 1253144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2017-09-29 630168]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24 13885696]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-04-02 2199840]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart Plus B210 series (NET)"=C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe [2012-10-17 2573416]
"OneDrive"=C:\Users\Eliška\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-03-09 1559200]
"cz.seznam.software.autoupdate"=C:\Users\Eliška\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Eliška\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"Spotify"=C:\Users\Eliška\AppData\Roaming\Spotify\Spotify.exe [2018-03-05 21894544]
"Spotify Web Helper"=C:\Users\Eliška\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018-03-05 782736]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BacKGround Agent"=C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2014-12-19 62208]
"mncvpbcqSrv"=C:\Windows\inf\mncvpbcq.vbe [2014-01-19 1342]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30 96056]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]

C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Sledovat výstrahy inkoustu - .lnk - C:\WINDOWS\system32\RunDll32.exe
Sledovat výstrahy inkoustu - HP Photosmart Plus B210 series (Síť).lnk - C:\Windows\system32\RunDll32.exe
Sledovat výstrahy inkoustu - HP2459C7 (HP Photosmart Plus B210 series).lnk - C:\WINDOWS\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1
"DisableTaskMgr"=0
"PromptOnSecureDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"vidc.tscc"=C:\WINDOWS\SysWOW64\tsccvid64.dll
"vidc.tsc2"=C:\WINDOWS\SysWOW64\tsc2_codec64.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-03-25 18:40:35 ----D---- C:\rsit
2018-03-25 18:40:35 ----D---- C:\Program Files\trend micro
2018-03-25 18:32:31 ----HD---- C:\OneDriveTemp
2018-03-18 10:57:12 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2018-03-14 23:03:54 ----A---- C:\WINDOWS\SYSWOW64\usoapi.dll
2018-03-14 23:03:54 ----A---- C:\WINDOWS\SYSWOW64\IndexedDbLegacy.dll
2018-03-14 23:03:54 ----A---- C:\WINDOWS\SYSWOW64\EdgeManager.dll
2018-03-14 23:03:54 ----A---- C:\WINDOWS\SYSWOW64\edgeIso.dll
2018-03-14 23:03:54 ----A---- C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-03-14 23:03:53 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2018-03-14 23:03:53 ----A---- C:\WINDOWS\SYSWOW64\webplatstorageserver.dll
2018-03-14 23:03:53 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2018-03-14 23:03:53 ----A---- C:\WINDOWS\SYSWOW64\msIso.dll
2018-03-14 23:03:53 ----A---- C:\WINDOWS\SYSWOW64\AcSpecfc.dll
2018-03-14 23:03:53 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-03-14 23:03:52 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2018-03-14 23:03:52 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2018-03-14 23:03:52 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2018-03-14 23:03:51 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-03-14 23:03:51 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-03-14 23:03:51 ----A---- C:\WINDOWS\system32\drivers\USBXHCI.SYS
2018-03-14 23:03:51 ----A---- C:\WINDOWS\system32\drivers\dxgmms1.sys
2018-03-14 23:03:51 ----A---- C:\WINDOWS\system32\drivers\dumpsd.sys
2018-03-14 23:03:50 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2018-03-14 23:03:50 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-03-14 23:03:50 ----A---- C:\WINDOWS\system32\rdpudd.dll
2018-03-14 23:03:50 ----A---- C:\WINDOWS\system32\drivers\volmgr.sys
2018-03-14 23:03:50 ----A---- C:\WINDOWS\system32\drivers\USBHUB3.SYS
2018-03-14 23:03:50 ----A---- C:\WINDOWS\system32\drivers\storufs.sys
2018-03-14 23:03:50 ----A---- C:\WINDOWS\system32\drivers\storahci.sys
2018-03-14 23:03:50 ----A---- C:\WINDOWS\system32\drivers\sdbus.sys
2018-03-14 23:03:50 ----A---- C:\WINDOWS\system32\drivers\hidparse.sys
2018-03-14 23:03:50 ----A---- C:\WINDOWS\system32\drivers\dxgmms2.sys
2018-03-14 23:03:50 ----A---- C:\WINDOWS\system32\drivers\BasicRender.sys
2018-03-14 23:03:50 ----A---- C:\WINDOWS\system32\drivers\acpi.sys
2018-03-14 23:03:49 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-03-14 23:03:49 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2018-03-14 23:03:49 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-03-14 23:03:49 ----A---- C:\WINDOWS\system32\drivers\wcifs.sys
2018-03-14 23:03:49 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2018-03-14 23:03:48 ----A---- C:\WINDOWS\SYSWOW64\Windows.Data.Pdf.dll
2018-03-14 23:03:48 ----A---- C:\WINDOWS\SYSWOW64\dbgeng.dll
2018-03-14 23:03:48 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2018-03-14 23:03:48 ----A---- C:\WINDOWS\system32\vbscript.dll
2018-03-14 23:03:48 ----A---- C:\WINDOWS\system32\samsrv.dll
2018-03-14 23:03:48 ----A---- C:\WINDOWS\system32\drivers\stornvme.sys
2018-03-14 23:03:48 ----A---- C:\WINDOWS\system32\DbgModel.dll
2018-03-14 23:03:47 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-03-14 23:03:47 ----A---- C:\WINDOWS\SYSWOW64\KernelBase.dll
2018-03-14 23:03:47 ----A---- C:\WINDOWS\system32\win32kfull.sys
2018-03-14 23:03:47 ----A---- C:\WINDOWS\system32\win32kbase.sys
2018-03-14 23:03:47 ----A---- C:\WINDOWS\system32\StorSvc.dll
2018-03-14 23:03:47 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-03-14 23:03:47 ----A---- C:\WINDOWS\system32\edgeIso.dll
2018-03-14 23:03:47 ----A---- C:\WINDOWS\system32\drivers\UcmUcsi.sys
2018-03-14 23:03:47 ----A---- C:\WINDOWS\system32\drivers\srv2.sys
2018-03-14 23:03:46 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-03-14 23:03:46 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-03-14 23:03:46 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-03-14 23:03:46 ----A---- C:\WINDOWS\system32\Chakra.dll
2018-03-14 23:03:45 ----A---- C:\WINDOWS\SYSWOW64\winmde.dll
2018-03-14 23:03:45 ----A---- C:\WINDOWS\SYSWOW64\msvproc.dll
2018-03-14 23:03:45 ----A---- C:\WINDOWS\SYSWOW64\mfplat.dll
2018-03-14 23:03:45 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2018-03-14 23:03:45 ----A---- C:\WINDOWS\system32\jscript.dll
2018-03-14 23:03:45 ----A---- C:\WINDOWS\system32\hvloader.dll
2018-03-14 23:03:45 ----A---- C:\WINDOWS\system32\hvax64.exe
2018-03-14 23:03:45 ----A---- C:\WINDOWS\system32\drivers\vmbus.sys
2018-03-14 23:03:45 ----A---- C:\WINDOWS\system32\drivers\spaceport.sys
2018-03-14 23:03:45 ----A---- C:\WINDOWS\system32\drivers\netvsc.sys
2018-03-14 23:03:45 ----A---- C:\WINDOWS\system32\drivers\msiscsi.sys
2018-03-14 23:03:44 ----A---- C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-03-14 23:03:44 ----A---- C:\WINDOWS\system32\lsasrv.dll
2018-03-14 23:03:44 ----A---- C:\WINDOWS\system32\dbgeng.dll
2018-03-14 23:03:43 ----A---- C:\WINDOWS\system32\wininet.dll
2018-03-14 23:03:43 ----A---- C:\WINDOWS\system32\KernelBase.dll
2018-03-14 23:03:43 ----A---- C:\WINDOWS\system32\drivers\dxgkrnl.sys
2018-03-14 23:03:43 ----A---- C:\WINDOWS\system32\drivers\bthport.sys
2018-03-14 23:03:43 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2018-03-14 23:03:43 ----A---- C:\WINDOWS\system32\AcSpecfc.dll
2018-03-14 23:03:42 ----A---- C:\WINDOWS\system32\msIso.dll
2018-03-14 23:03:42 ----A---- C:\WINDOWS\system32\drivers\WdiWiFi.sys
2018-03-14 23:03:42 ----A---- C:\WINDOWS\system32\drivers\nwifi.sys
2018-03-14 23:03:41 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-03-14 23:03:41 ----A---- C:\WINDOWS\system32\hvix64.exe
2018-03-14 23:03:41 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2018-03-14 23:03:40 ----A---- C:\WINDOWS\system32\winmde.dll
2018-03-14 23:03:40 ----A---- C:\WINDOWS\system32\msvproc.dll
2018-03-14 23:03:40 ----A---- C:\WINDOWS\system32\mfplat.dll
2018-03-14 23:03:40 ----A---- C:\WINDOWS\system32\edgehtml.dll
2018-03-14 23:03:37 ----A---- C:\WINDOWS\SYSWOW64\zipfldr.dll
2018-03-14 23:03:37 ----A---- C:\WINDOWS\SYSWOW64\wintrust.dll
2018-03-14 23:03:37 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2018-03-14 23:03:37 ----A---- C:\WINDOWS\system32\pcalua.exe
2018-03-14 23:03:36 ----A---- C:\WINDOWS\SYSWOW64\daxexec.dll
2018-03-14 23:03:36 ----A---- C:\WINDOWS\system32\zipfldr.dll
2018-03-14 23:03:36 ----A---- C:\WINDOWS\system32\wintrust.dll
2018-03-14 23:03:36 ----A---- C:\WINDOWS\system32\winsrv.dll
2018-03-14 23:03:36 ----A---- C:\WINDOWS\system32\windows.storage.dll
2018-03-14 23:03:36 ----A---- C:\WINDOWS\system32\shell32.dll
2018-03-14 23:03:36 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2018-03-14 23:03:36 ----A---- C:\WINDOWS\system32\aitstatic.exe
2018-03-14 23:03:35 ----A---- C:\WINDOWS\SYSWOW64\windows.storage.dll
2018-03-14 23:03:35 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2018-03-14 23:03:34 ----A---- C:\WINDOWS\system32\HologramCompositor.dll
2018-03-14 23:03:32 ----A---- C:\WINDOWS\system32\usoapi.dll
2018-03-14 23:03:32 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2018-03-14 23:03:32 ----A---- C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-03-14 23:03:32 ----A---- C:\WINDOWS\system32\MusNotificationUx.exe
2018-03-14 23:03:32 ----A---- C:\WINDOWS\system32\MusNotification.exe
2018-03-14 23:03:32 ----A---- C:\WINDOWS\system32\musdialoghandlers.dll
2018-03-14 23:03:31 ----A---- C:\WINDOWS\system32\usocore.dll
2018-03-14 23:03:21 ----A---- C:\WINDOWS\system32\winresume.exe
2018-03-14 23:03:21 ----A---- C:\WINDOWS\system32\winload.exe
2018-03-14 23:03:21 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2018-03-14 23:03:20 ----A---- C:\WINDOWS\SYSWOW64\aepic.dll
2018-03-14 23:03:20 ----A---- C:\WINDOWS\system32\win32appinventorycsp.dll
2018-03-14 23:03:20 ----A---- C:\WINDOWS\system32\invagent.dll
2018-03-14 23:03:20 ----A---- C:\WINDOWS\system32\CompatTelRunner.exe
2018-03-14 23:03:20 ----A---- C:\WINDOWS\system32\aepic.dll
2018-03-14 23:03:19 ----A---- C:\WINDOWS\system32\pcasvc.dll
2018-03-14 23:03:19 ----A---- C:\WINDOWS\system32\generaltel.dll
2018-03-14 23:03:19 ----A---- C:\WINDOWS\system32\devinv.dll
2018-03-14 23:03:19 ----A---- C:\WINDOWS\system32\DeviceCensus.exe
2018-03-14 23:03:19 ----A---- C:\WINDOWS\system32\dcntel.dll
2018-03-14 23:03:19 ----A---- C:\WINDOWS\system32\aeinv.dll
2018-03-14 23:03:19 ----A---- C:\WINDOWS\system32\acmigration.dll
2018-03-14 23:03:18 ----A---- C:\WINDOWS\system32\appraiser.dll
2018-03-14 23:03:14 ----A---- C:\WINDOWS\system32\Spectrum.exe
2018-03-14 23:03:14 ----A---- C:\WINDOWS\system32\HolographicExtensions.dll
2018-03-14 23:03:14 ----A---- C:\WINDOWS\system32\cldapi.dll
2018-03-14 23:03:14 ----A---- C:\WINDOWS\system32\cdp.dll
2018-03-14 23:03:13 ----A---- C:\WINDOWS\system32\Windows.Payments.dll
2018-03-14 23:03:13 ----A---- C:\WINDOWS\system32\webplatstorageserver.dll
2018-03-14 23:03:13 ----A---- C:\WINDOWS\system32\SecurityHealthService.exe
2018-03-14 23:03:13 ----A---- C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-03-14 23:03:13 ----A---- C:\WINDOWS\system32\daxexec.dll
2018-03-14 23:03:12 ----A---- C:\WINDOWS\SYSWOW64\Windows.Payments.dll
2018-03-14 23:03:12 ----A---- C:\WINDOWS\system32\MSVidCtl.dll
2018-03-14 23:03:11 ----A---- C:\WINDOWS\system32\wlidsvc.dll
2018-03-14 23:03:11 ----A---- C:\WINDOWS\system32\EdgeManager.dll
2018-03-14 23:03:10 ----A---- C:\WINDOWS\SYSWOW64\cldapi.dll
2018-03-14 23:03:10 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2018-03-14 23:03:08 ----A---- C:\WINDOWS\system32\MusNotifyIcon.exe
2018-03-14 23:03:07 ----A---- C:\WINDOWS\system32\drivers\sdstor.sys
2018-03-14 23:03:06 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2018-03-14 23:03:05 ----A---- C:\WINDOWS\SYSWOW64\MSVidCtl.dll
2018-03-14 23:03:05 ----A---- C:\WINDOWS\system32\msi.dll
2018-03-14 23:03:05 ----A---- C:\WINDOWS\system32\drivers\RfxVmt.sys
2018-03-14 23:03:04 ----A---- C:\WINDOWS\SYSWOW64\AuthFWSnapin.dll
2018-03-14 23:03:04 ----A---- C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-03-14 23:03:04 ----A---- C:\WINDOWS\system32\cdpusersvc.dll
2018-03-14 23:03:04 ----A---- C:\WINDOWS\system32\AuthFWSnapin.dll
2018-03-14 23:03:03 ----A---- C:\WINDOWS\SYSWOW64\TSpkg.dll
2018-03-14 23:03:03 ----A---- C:\WINDOWS\system32\TSpkg.dll
2018-03-14 23:03:03 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2018-03-14 23:03:03 ----A---- C:\WINDOWS\system32\MSVideoDSP.dll
2018-03-14 23:03:02 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2018-03-14 23:03:02 ----A---- C:\WINDOWS\SYSWOW64\MicrosoftAccountWAMExtension.dll
2018-03-14 23:03:02 ----A---- C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll
2018-03-14 23:03:02 ----A---- C:\WINDOWS\system32\msra.exe
2018-03-14 23:03:01 ----A---- C:\WINDOWS\SYSWOW64\offlinesam.dll
2018-03-14 23:03:01 ----A---- C:\WINDOWS\SYSWOW64\offlinelsa.dll
2018-03-14 23:03:01 ----A---- C:\WINDOWS\SYSWOW64\MSVideoDSP.dll
2018-03-14 23:03:01 ----A---- C:\WINDOWS\system32\updatecsp.dll
2018-03-14 23:03:01 ----A---- C:\WINDOWS\system32\svf.dll
2018-03-14 23:03:01 ----A---- C:\WINDOWS\system32\offlinesam.dll
2018-03-14 23:03:01 ----A---- C:\WINDOWS\system32\offlinelsa.dll
2018-03-14 23:03:01 ----A---- C:\WINDOWS\system32\drivers\tpm.sys
2018-03-14 23:03:01 ----A---- C:\WINDOWS\system32\drivers\msrpc.sys
2018-03-14 23:03:01 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2018-03-14 23:03:01 ----A---- C:\WINDOWS\system32\drivers\isapnp.sys
2018-03-14 23:03:01 ----A---- C:\WINDOWS\system32\drivers\ataport.sys
2018-03-14 23:03:00 ----A---- C:\WINDOWS\SYSWOW64\HoloShellRuntime.dll
2018-03-14 23:03:00 ----A---- C:\WINDOWS\system32\SpectrumSyncClient.dll
2018-03-14 23:03:00 ----A---- C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-03-14 23:03:00 ----A---- C:\WINDOWS\system32\HoloShellRuntime.dll
2018-03-14 23:03:00 ----A---- C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-03-14 23:03:00 ----A---- C:\WINDOWS\system32\drivers\wcnfs.sys
2018-03-14 23:02:59 ----A---- C:\WINDOWS\SYSWOW64\msisip.dll
2018-03-14 23:02:59 ----A---- C:\WINDOWS\SYSWOW64\credssp.dll
2018-03-14 23:02:59 ----A---- C:\WINDOWS\system32\UsoClient.exe
2018-03-14 23:02:59 ----A---- C:\WINDOWS\system32\racpldlg.dll
2018-03-14 23:02:59 ----A---- C:\WINDOWS\system32\msisip.dll
2018-03-14 23:02:59 ----A---- C:\WINDOWS\system32\credssp.dll
2018-02-28 21:55:20 ----D---- C:\WINDOWS\system32\drivers\wd

======List of files/folders modified in the last 1 month======

2018-03-25 18:40:42 ----D---- C:\WINDOWS\Prefetch
2018-03-25 18:40:35 ----RD---- C:\Program Files
2018-03-25 18:37:37 ----D---- C:\WINDOWS\Temp
2018-03-25 18:37:36 ----D---- C:\WINDOWS\system32\catroot2
2018-03-25 18:37:35 ----D---- C:\WINDOWS\system32\DriverStore
2018-03-25 18:37:35 ----D---- C:\WINDOWS\INF
2018-03-25 18:37:17 ----SHD---- C:\System Volume Information
2018-03-25 18:36:18 ----D---- C:\Users\Eliška\AppData\Roaming\Spotify
2018-03-25 18:36:02 ----D---- C:\WINDOWS\system32\CatRoot
2018-03-25 18:34:06 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-25 18:33:50 ----AD---- C:\Program Files (x86)\Mozilla Firefox
2018-03-25 18:28:54 ----D---- C:\WINDOWS\system32\SleepStudy
2018-03-25 17:58:21 ----D---- C:\WINDOWS\AppReadiness
2018-03-25 17:52:41 ----D---- C:\Users\Eliška\AppData\Roaming\Seznam.cz
2018-03-25 17:51:57 ----SHD---- C:\$Recycle.Bin
2018-03-25 17:51:15 ----D---- C:\WINDOWS\CbsTemp
2018-03-25 17:50:03 ----D---- C:\WINDOWS\LiveKernelReports
2018-03-25 17:49:19 ----D---- C:\WINDOWS\system32\sru
2018-03-25 17:48:24 ----D---- C:\WINDOWS\System32
2018-03-25 17:48:24 ----A---- C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-03-25 17:46:37 ----RD---- C:\Users
2018-03-24 18:33:26 ----D---- C:\WINDOWS\DeliveryOptimization
2018-03-24 18:32:47 ----HD---- C:\Program Files\WindowsApps
2018-03-23 15:35:42 ----D---- C:\Windows
2018-03-23 15:35:41 ----D---- C:\WINDOWS\system32\drivers\UMDF
2018-03-20 20:46:53 ----D---- C:\WINDOWS\Logs
2018-03-20 20:19:33 ----D---- C:\WINDOWS\system32\config
2018-03-20 20:09:28 ----D---- C:\WINDOWS\rescache
2018-03-20 19:54:10 ----RD---- C:\WINDOWS\Microsoft.NET
2018-03-20 19:34:17 ----D---- C:\WINDOWS\WinSxS
2018-03-18 11:02:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-18 11:01:18 ----RD---- C:\WINDOWS\assembly
2018-03-18 10:59:14 ----D---- C:\WINDOWS\system32\LogFiles
2018-03-18 10:57:12 ----D---- C:\WINDOWS\SysWOW64
2018-03-18 10:55:46 ----D---- C:\ProgramData\NVIDIA
2018-03-18 10:55:25 ----D---- C:\WINDOWS\system32\drivers
2018-03-16 22:05:22 ----D---- C:\WINDOWS\TextInput
2018-03-16 22:05:17 ----D---- C:\WINDOWS\system32\en-US
2018-03-16 22:05:17 ----D---- C:\WINDOWS\system32\cs-CZ
2018-03-16 22:05:17 ----D---- C:\WINDOWS\system32\appraiser
2018-03-16 22:05:15 ----D---- C:\WINDOWS\ShellExperiences
2018-03-16 22:05:15 ----D---- C:\WINDOWS\apppatch
2018-03-16 22:05:14 ----D---- C:\WINDOWS\system32\Boot
2018-03-15 17:09:32 ----D---- C:\WINDOWS\system32\MRT
2018-03-15 17:09:22 ----AC---- C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-15 17:09:14 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-03-15 17:09:05 ----SHDC---- C:\WINDOWS\Installer
2018-03-15 17:09:05 ----SHD---- C:\Config.Msi
2018-03-15 17:08:59 ----D---- C:\ProgramData\Microsoft Help
2018-03-14 23:10:58 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2018-03-14 23:10:53 ----A---- C:\WINDOWS\system32\Chakradiag.dll
2018-03-14 22:42:29 ----D---- C:\WINDOWS\system32\Tasks
2018-03-14 22:42:20 ----D---- C:\WINDOWS\system32\Macromed
2018-03-14 22:42:15 ----D---- C:\WINDOWS\SYSWOW64\Macromed
2018-03-03 12:30:36 ----RD---- C:\Program Files\Windows Defender
2018-02-27 19:37:52 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\WINDOWS\system32\drivers\iorate.sys [2017-09-29 56728]
R0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2018-02-22 45472]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\WINDOWS\system32\drivers\bam.sys [2018-01-01 59800]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2017-09-29 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-09-29 8192]
R1 MpKsl787c2ade;MpKsl787c2ade; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{623AC698-FE4A-4101-BEF6-FE5A1538412C}\MpKsl787c2ade.sys [2018-03-16 58120]
R1 MpKsldae2c199;MpKsldae2c199; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D891754E-7E7F-4C11-A1D6-2E4D4CB21159}\MpKsldae2c199.sys [2018-03-24 58120]
R1 ndisrd;@oem44.inf,%ndisrfl_Desc%;Intel(R) Technology Access Filter Driver; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [2015-07-28 50448]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\WINDOWS\system32\drivers\cldflt.sys [2018-02-10 385536]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2017-09-29 43520]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2017-09-29 79872]
R3 bcbtums;@oem62.inf,%BCBTUMS.SvcDesc%;Bluetooth RAM Firmware Download USB Filter; C:\WINDOWS\system32\drivers\bcbtums.sys [2015-03-27 173312]
R3 BCM43XX;@oem20.inf,%BCM43XX_Service_DispName%;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [2014-02-25 7549616]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2017-09-29 85504]
R3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\WINDOWS\System32\drivers\CAD.sys [2017-09-29 60312]
R3 huawei_enumerator;huawei_enumerator; C:\WINDOWS\System32\drivers\ew_jubusenum.sys [2013-01-23 91648]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2017-09-01 7971808]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2015-06-24 4504320]
R3 iwdbus;@oem71.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2014-03-01 27032]
R3 MEIx64;@oem48.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [2013-12-10 100312]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvlddmkm.sys [2017-01-17 14190520]
R3 rt640x64;@oem46.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-22 886528]
R3 RTSPER;@oem0.inf,%Rts5227PER%;Realtek PCIE Card Reader - PER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [2015-06-24 761600]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\WINDOWS\System32\drivers\bttflt.sys [2017-09-29 37784]
S0 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-09-29 357272]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-09-29 123800]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-09-29 103320]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-09-29 63520]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2017-09-29 58776]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2017-09-29 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2017-09-29 39832]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2017-09-29 118168]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-09-29 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2017-09-29 18432]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2018-02-22 1015296]
S3 btwampfl;@oem62.inf,%btwampfl.ServiceName%;btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [2015-03-27 188160]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-09-29 39424]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2017-09-29 122368]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2016-04-25 129152]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys [2013-01-25 109568]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys [2012-12-22 14976]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-09-29 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-09-29 50584]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\WINDOWS\System32\drivers\ew_juextctrl.sys [2013-01-23 30720]
S3 huawei_wwanecm;huawei_wwanecm; C:\WINDOWS\system32\DRIVERS\ew_juwwanecm.sys [2013-02-17 244736]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2017-09-29 73112]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\WINDOWS\System32\Drivers\mshwnclx.sys [2017-09-29 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-09-29 1723288]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2017-09-29 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2017-09-29 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-09-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-09-29 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-09-29 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-09-29 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2017-09-29 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-09-29 39424]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2014-03-01 38296]
S3 IntcDAud;@oem73.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2016-05-12 481768]
S3 invdimm;@invdimm.inf,%invdimm.SvcDesc%;Microsoft iNVDIMM device driver; C:\WINDOWS\System32\drivers\invdimm.sys [2017-09-29 38912]
S3 IPT;IPT; C:\WINDOWS\System32\drivers\ipt.sys [2017-09-29 26112]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2017-09-29 119808]
S3 LMDriver;Launch Manager Wireless Driver; C:\WINDOWS\System32\drivers\LMDriver.sys [2013-07-18 21360]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\WINDOWS\System32\drivers\mausbhost.sys [2017-09-29 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\WINDOWS\System32\drivers\mausbip.sys [2017-09-29 55840]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-09-29 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2017-09-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2017-09-29 132608]
S3 NetTap630;@oem80.inf,%NetTap.Service.DispName%;Intel(R) Technology Access TAP Driver (NDIS 6.30); C:\WINDOWS\system32\DRIVERS\nettap630.sys [2015-07-29 76560]
S3 nvdimmn;@nvdimmn.inf,%nvdimmn.SvcDesc%;Microsoft NVDIMM-N device driver; C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-09-29 88576]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\WINDOWS\System32\drivers\pmem.sys [2017-09-29 100352]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\WINDOWS\System32\drivers\pnpmem.sys [2017-09-29 16896]
S3 RadioShim;Shim for HID-KMDF Interface layer; C:\WINDOWS\System32\drivers\RadioShim.sys [2013-07-18 14680]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2017-09-29 936856]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\WINDOWS\System32\drivers\rhproxy.sys [2017-09-29 103936]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\WINDOWS\System32\drivers\SDFRd.sys [2017-09-29 33176]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-09-30 56216]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2016-04-25 221824]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudserd.sys [2015-12-08 214832]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CCDMonitorService;CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2014-12-19 2713856]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 CDPUserSvc_77005c5;Uživatelská služba platformy připojených zařízení_77005c5; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-09-28 25800]
R2 HWDeviceService64.exe;HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2017-09-01 373728]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 Intel(R) TechnologyAccessLegacyCSLoader;Intel(R) Technology Access Legacy CS Loader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [2016-04-26 153296]
R2 Intel(R) TechnologyAccessService;Intel(R) Technology Access Service; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [2016-04-26 478416]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-12-10 169432]
R2 LPDSVC;@%systemroot%\system32\lpdsvc.dll,-500; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2016-12-29 458176]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-04-02 1617352]
R2 OneSyncSvc_77005c5;Hostitel synchronizace_77005c5; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\WINDOWS\system32\SecurityHealthService.exe [2018-03-01 519152]
R3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [2012-01-25 240408]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2017-12-27 43648]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PimIndexMaintenanceSvc_77005c5;Data kontaktů_77005c5; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R3 QASvc;Quick Access Service; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [2014-06-26 458984]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe [2012-01-25 192792]
S2 BcmBtRSupport;@oem62.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service; C:\WINDOWS\system32\BtwRSupportService.exe [2015-03-27 2251992]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-12 107848]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S2 O2 Internet. RunOuc;O2 Internet. OUC; C:\Program Files (x86)\O2 Internet\UpdateDog\ouc.exe [2012-11-12 657504]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-14 272384]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2017-09-01 301528]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 DevicesFlowUserSvc_77005c5;Tok zařízení_77005c5; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-09-29 85504]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-12 107848]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 Intel(R) TA SAM;Intel(R) Technology Access Software Asset Manager; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-08-12 18152]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 iumsvc;Intel(R) Update Manager; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12 177376]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 MessagingService_77005c5;Služba zasílání zpráv_77005c5; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-03-25 194000]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-09-12 185048]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PrintWorkflowUserSvc_77005c5;PrintWorkflow_77005c5; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2017-09-29 1288704]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2017-09-29 48688]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\WINDOWS\system32\spectrum.exe [2018-03-02 956416]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2017-09-29 48688]

-----------------EOF-----------------

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Totally gunked-up PC - sends junk out to the network

#2 Post by Conder »

Hi :)

:arrow: If you don't use it, uninstall Seznam Software (Seznam Lištička).

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the licence terms
  • Click Scan and wait for it to finish
  • Click Clean and confirm by clicking OK
  • AdwCleaner will ask for a PC restart; confirm by clicking Restart Now
  • After the restart a log will pop up; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always backing up important data (documents, photos and the like).

Fixlists and other scripts are written for one specific PC only. Do not use them on other machines, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please open your own thread.

If you are satisfied, you can support the forum. Thank you!

funkymusic
Exemplary visitor
Posts: 402
Registered: 07 Dec 2004 15:16

Re: Totally gunked-up PC - sends junk out to the network

#3 Post by funkymusic »

Hello,
Thanks. Here is the log; I'll uninstall the Lištičky.

# AdwCleaner 7.0.8.0 - Logfile created on Sun Mar 25 18:23:37 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\Pokki
Deleted: C:\Users\All Users\Pokki
Deleted: C:\Users\Default\AppData\Local\Pokki
Deleted: C:\Users\Default User\AppData\Local\Pokki
Deleted: C:\Users\defaultuser1\AppData\Local\Pokki
Deleted: C:\Users\Public\Pokki
Deleted: C:\Program Files\Booking.com


***** [ Files ] *****

Deleted: C:\Users\Eliška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: Pokki


***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akcniceny.cz
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.akcniceny.cz
Deleted: [Key] - HKU\S-1-5-21-2733569308-1764321115-1979760206-1001\Software\SweetLabs App Platform
Deleted: [Key] - HKCU\Software\SweetLabs App Platform


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1968 B] - [2018/3/25 18:20:40]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Totally gunked-up PC - sends junk out to the network

#4 Post by Conder »

:arrow: Please post both FRST logs following this guide (FRST.txt and Addition.txt): https://forum.viry.cz/viewtopic.php?f=13&t=152707

:arrow: If FRSTLauncher cannot be downloaded or run, use plain FRST by itself.

:arrow: If the logs don't fit into one post, pack them into a RAR or ZIP archive and send them as an attachment.

funkymusic
Exemplary visitor
Posts: 402
Registered: 07 Dec 2004 15:16

Re: Totally gunked-up PC - sends junk out to the network

#5 Post by funkymusic »

Thanks for the quick reply.

Logs in the attachment
Attachments
FRST_Addition.zip
(17.55 KiB) Downloaded 47 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Totally gunked-up PC - sends junk out to the network

#6 Post by Conder »

:arrow: Uninstall Bing Bar.

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    VirusTotal: C:\Windows\inf\mncvpbcq.vbe
    File: C:\Windows\inf\mncvpbcq.vbe
    File: C:\Users\Eliška\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
    
    HKLM-x32\...\Run: [mncvpbcqSrv] => C:\Windows\inf\mncvpbcq.vbe [1342 2014-01-19] ()
    HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
    HKU\S-1-5-21-2733569308-1764321115-1979760206-1001\...\RunOnce: [SeznamInstall-uninstall:001bef8ec3854af9cacc4c26ddc7ea5e] => C:\Users\ELIKA~1\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [534528 2018-03-25] () <==== ATTENTION
    HKU\S-1-5-21-2733569308-1764321115-1979760206-1001\...\MountPoints2: {de889b56-46a7-11e4-825b-806e6f6e6963} - "D:\Autorun.exe" 
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2733569308-1764321115-1979760206-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2733569308-1764321115-1979760206-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
    SearchScopes: HKU\S-1-5-21-2733569308-1764321115-1979760206-1001 -> DefaultScope {7E517EFD-CD65-4CC1-A381-37393637315E} URL = 
    SearchScopes: HKU\S-1-5-21-2733569308-1764321115-1979760206-1001 -> {7E517EFD-CD65-4CC1-A381-37393637315E} URL = 
    CHR NewTab: Default ->  Not-active:"chrome-extension://blmojkbhnkkphngknkmgccmlenfaelkd/speeddial/html/newTab.html", Not-active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/core/chrome/content/speedDial/speedDial.html"
    2018-03-25 20:36 - 2017-03-26 23:24 - 000000000 ____D C:\Users\Eliška\AppData\Roaming\Seznam.cz
    2018-03-25 20:36 - 2018-03-25 20:34 - 000534528 _____ () C:\Users\Eliška\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
    
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    Task: {17B5F978-1F22-4D0A-9962-E57D8E408EE0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {482F0F72-D9D0-4778-ADE1-6F81F22495C2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {50E34D56-DC12-4E3B-9D2C-E4C01566A60B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {75274D1B-9D85-4F26-B69D-677E2AC3D8D0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {85C3563D-79F0-49DF-A8D4-C74C824D3864} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {961CF6AD-C6DF-4AAC-94D3-612D076C4A72} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {9672515D-B0FA-445B-AC2F-D581C91BBA5C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {9C79D400-F7D4-4C49-9FEC-9990005A1D47} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {A8FD7A5A-9B71-4921-96A9-C76DFAEAC730} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {B777DF8D-0B6E-4AD8-A8B7-78B3BAB8756F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {E688052F-8E13-4370-8005-CD44DC0E24EF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {F3A3E55F-759A-4588-A0D7-29501A1A546B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {FEBD85C0-F12C-45FB-8840-5C155D86A769} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    
    C:\Windows\inf\mncvpbcq.vbe
    C:\Program Files (x86)\Seznam.cz
    
    Hosts:
    EmptyTemp:
    End
  • Click File and then Save
  • At the bottom right choose the Unicode encoding and save the file to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask for a PC restart; confirm by clicking OK
  • After the restart there will be a file Fixlog.txt on the desktop; copy its contents here
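The fixlist above is built from a handful of recognisable patterns in the FRST report: a script (.vbe) started from a Run key and living in %SystemRoot%\inf, a RunOnce entry pointing into a Temp folder, scheduled tasks whose target file no longer exists, and a default search scope with an empty URL. The following Python triage script is an added example, not FRST's code and not the helper's fixlist; it parses FRST-style lines of those three shapes and reports the reasons each entry would draw a helper's attention. The sample lines are constructed from the entries quoted in the thread, plus one made-up benign control entry (SecurityHealth), and the checks are heuristics, not a verdict.

```python
"""Triage of FRST-style log lines: flag the kinds of autostart, scheduled-task
and search-scope entries that a helper would put into a fixlist.

Added example for this thread, not FRST's code and not the helper's script.
It parses three line shapes as they appear in the fixlist above:
  HKLM-x32\\...\\Run: [name] => path [size date] (publisher)
  Task: {GUID} - \\Task\\Path -> target [<==== ATTENTION]
  SearchScopes: HKU\\... -> scope {GUID} URL = value
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input modelled on the entries quoted in the thread. The
# SecurityHealth line is a made-up benign control entry with a publisher name.
SAMPLE_LINES = r"""
HKLM-x32\...\Run: [mncvpbcqSrv] => C:\Windows\inf\mncvpbcq.vbe [1342 2014-01-19] ()
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2733569308-1764321115-1979760206-1001\...\RunOnce: [SeznamInstall-uninstall:001bef8ec3854af9cacc4c26ddc7ea5e] => C:\Users\ELIKA~1\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [534528 2018-03-25] () <==== ATTENTION
HKLM\...\Run: [SecurityHealth] => C:\WINDOWS\system32\SecurityHealthSystray.exe [123456 2018-03-01] (Microsoft Corporation)
Task: {17B5F978-1F22-4D0A-9962-E57D8E408EE0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2733569308-1764321115-1979760206-1001 -> DefaultScope {7E517EFD-CD65-4CC1-A381-37393637315E} URL =
"""

# Extensions that mean "a script, not a program" when found in a Run key.
SCRIPT_EXT = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd", ".ps1", ".hta"}

RUN_RE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]+)\] => (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)"
)
TASK_RE = re.compile(
    r"^Task: (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<task>\S+) -> (?P<target>.+?)(?: <==== ATTENTION)?$"
)
SCOPE_RE = re.compile(r"^SearchScopes: (?P<hive>\S+) -> (?P<scope>.+?) URL =\s*(?P<url>.*)$")


@dataclass
class Finding:
    kind: str                                   # "run", "task" or "searchscope"
    entry: str                                  # value name, task path or scope
    reasons: List[str] = field(default_factory=list)


def _check_run(m: "re.Match") -> Optional[Finding]:
    """Heuristics for a Run/RunOnce entry; returns None when nothing stands out."""
    low = m.group("path").strip().lower()
    filename = low.rsplit("\\", 1)[-1]
    ext = "." + filename.rsplit(".", 1)[-1] if "." in filename else ""
    reasons = []
    if ext in SCRIPT_EXT:
        reasons.append(f"script ({ext}) started from the {m.group('key')} key")
    if "\\windows\\inf\\" in low:
        reasons.append("file placed in %SystemRoot%\\inf, a folder meant for driver INF files")
    if "\\appdata\\local\\temp\\" in low:
        reasons.append("started from a Temp folder")
    if not m.group("publisher").strip():
        reasons.append("file carries no publisher information")
    return Finding("run", m.group("name"), reasons) if reasons else None


def _check_task(m: "re.Match") -> Optional[Finding]:
    """A scheduled task whose target is gone is an orphan FRST marks ATTENTION."""
    if m.group("target").strip() == "No File":
        return Finding("task", m.group("task"), ["scheduled task points to a file that no longer exists"])
    return None


def _check_scope(m: "re.Match") -> Optional[Finding]:
    """A search scope with no URL is a leftover of a removed search hijacker/toolbar."""
    if not m.group("url").strip():
        return Finding("searchscope", m.group("scope"), ["search scope has an empty URL"])
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line through the three parsers and collect the flagged entries."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        for rx, check in ((RUN_RE, _check_run), (TASK_RE, _check_task), (SCOPE_RE, _check_scope)):
            m = rx.match(line)
            if m:
                f = check(m)
                if f:
                    findings.append(f)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.entry}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it against a real FRST.txt with `triage(open(path, encoding="utf-8").read())`; lines in other FRST shapes are simply skipped.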

funkymusic
Exemplary visitor
Posts: 402
Registered: 07 Dec 2004 15:16

Re: Totally gunked-up PC - sends junk out to the network

#7 Post by funkymusic »

Hello,
Here is the log.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Eliška (25-03-2018 22:22:05) Run:1
Running from C:\Users\Eliška\Desktop
Loaded Profiles: Eliška (Available Profiles: Eliška)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

VirusTotal: C:\Windows\inf\mncvpbcq.vbe
File: C:\Windows\inf\mncvpbcq.vbe
File: C:\Users\Eliška\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

HKLM-x32\...\Run: [mncvpbcqSrv] => C:\Windows\inf\mncvpbcq.vbe [1342 2014-01-19] ()
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2733569308-1764321115-1979760206-1001\...\RunOnce: [SeznamInstall-uninstall:001bef8ec3854af9cacc4c26ddc7ea5e] => C:\Users\ELIKA~1\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [534528 2018-03-25] () <==== ATTENTION
HKU\S-1-5-21-2733569308-1764321115-1979760206-1001\...\MountPoints2: {de889b56-46a7-11e4-825b-806e6f6e6963} - "D:\Autorun.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2733569308-1764321115-1979760206-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2733569308-1764321115-1979760206-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-2733569308-1764321115-1979760206-1001 -> DefaultScope {7E517EFD-CD65-4CC1-A381-37393637315E} URL =
SearchScopes: HKU\S-1-5-21-2733569308-1764321115-1979760206-1001 -> {7E517EFD-CD65-4CC1-A381-37393637315E} URL =
CHR NewTab: Default -> Not-active:"chrome-extension://blmojkbhnkkphngknkmgccmlenfaelkd/speeddial/html/newTab.html", Not-active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/core/chrome/content/speedDial/speedDial.html"
2018-03-25 20:36 - 2017-03-26 23:24 - 000000000 ____D C:\Users\Eliška\AppData\Roaming\Seznam.cz
2018-03-25 20:36 - 2018-03-25 20:34 - 000534528 _____ () C:\Users\Eliška\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {17B5F978-1F22-4D0A-9962-E57D8E408EE0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {482F0F72-D9D0-4778-ADE1-6F81F22495C2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {50E34D56-DC12-4E3B-9D2C-E4C01566A60B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {75274D1B-9D85-4F26-B69D-677E2AC3D8D0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {85C3563D-79F0-49DF-A8D4-C74C824D3864} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {961CF6AD-C6DF-4AAC-94D3-612D076C4A72} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9672515D-B0FA-445B-AC2F-D581C91BBA5C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9C79D400-F7D4-4C49-9FEC-9990005A1D47} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A8FD7A5A-9B71-4921-96A9-C76DFAEAC730} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B777DF8D-0B6E-4AD8-A8B7-78B3BAB8756F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E688052F-8E13-4370-8005-CD44DC0E24EF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F3A3E55F-759A-4588-A0D7-29501A1A546B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FEBD85C0-F12C-45FB-8840-5C155D86A769} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION

C:\Windows\inf\mncvpbcq.vbe
C:\Program Files (x86)\Seznam.cz

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
VirusTotal: C:\Windows\inf\mncvpbcq.vbe => https://www.virustotal.com/file/5edc86c ... 521857519/

========================= File: C:\Windows\inf\mncvpbcq.vbe ========================

C:\Windows\inf\mncvpbcq.vbe
File not signed
MD5: 35BAD11DEC65EE8753F1E47A05639328
Creation and modification date: 2015-01-04 23:30 - 2014-01-19 20:57
Size: 000001342
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/5edc86c ... 521857519/

====== End of File: ======


========================= File: C:\Users\Eliška\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe ========================

C:\Users\Eliška\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
File not signed
MD5: 091235F94956B7824F2FDC73E0288BB1
Creation and modification date: 2018-03-25 20:36 - 2018-03-25 20:34
Size: 000534528
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/d01dcaf ... 518556845/

====== End of File: ======

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mncvpbcqSrv" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce" => removed successfully
"HKU\S-1-5-21-2733569308-1764321115-1979760206-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SeznamInstall-uninstall:001bef8ec3854af9cacc4c26ddc7ea5e" => removed successfully
"HKU\S-1-5-21-2733569308-1764321115-1979760206-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de889b56-46a7-11e4-825b-806e6f6e6963}" => removed successfully
HKLM\Software\Classes\CLSID\{de889b56-46a7-11e4-825b-806e6f6e6963} => not found
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2733569308-1764321115-1979760206-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2733569308-1764321115-1979760206-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-2733569308-1764321115-1979760206-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-2733569308-1764321115-1979760206-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7E517EFD-CD65-4CC1-A381-37393637315E}" => removed successfully
HKLM\Software\Classes\CLSID\{7E517EFD-CD65-4CC1-A381-37393637315E} => not found
"Chrome NewTab" => removed successfully
C:\Users\Eliška\AppData\Roaming\Seznam.cz => moved successfully
C:\Users\Eliška\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe => moved successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17B5F978-1F22-4D0A-9962-E57D8E408EE0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17B5F978-1F22-4D0A-9962-E57D8E408EE0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{482F0F72-D9D0-4778-ADE1-6F81F22495C2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{482F0F72-D9D0-4778-ADE1-6F81F22495C2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50E34D56-DC12-4E3B-9D2C-E4C01566A60B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50E34D56-DC12-4E3B-9D2C-E4C01566A60B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{75274D1B-9D85-4F26-B69D-677E2AC3D8D0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75274D1B-9D85-4F26-B69D-677E2AC3D8D0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85C3563D-79F0-49DF-A8D4-C74C824D3864}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85C3563D-79F0-49DF-A8D4-C74C824D3864}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{961CF6AD-C6DF-4AAC-94D3-612D076C4A72}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{961CF6AD-C6DF-4AAC-94D3-612D076C4A72}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9672515D-B0FA-445B-AC2F-D581C91BBA5C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9672515D-B0FA-445B-AC2F-D581C91BBA5C}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C79D400-F7D4-4C49-9FEC-9990005A1D47}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C79D400-F7D4-4C49-9FEC-9990005A1D47}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8FD7A5A-9B71-4921-96A9-C76DFAEAC730}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8FD7A5A-9B71-4921-96A9-C76DFAEAC730}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B777DF8D-0B6E-4AD8-A8B7-78B3BAB8756F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B777DF8D-0B6E-4AD8-A8B7-78B3BAB8756F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E688052F-8E13-4370-8005-CD44DC0E24EF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E688052F-8E13-4370-8005-CD44DC0E24EF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3A3E55F-759A-4588-A0D7-29501A1A546B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3A3E55F-759A-4588-A0D7-29501A1A546B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEBD85C0-F12C-45FB-8840-5C155D86A769}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEBD85C0-F12C-45FB-8840-5C155D86A769}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
C:\Windows\inf\mncvpbcq.vbe => moved successfully
C:\Program Files (x86)\Seznam.cz => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 208673986 B
Java, Flash, Steam htmlcache => 21714 B
Windows/system/drivers => 90887732 B
Edge => 1704660 B
Chrome => 873560475 B
Firefox => 391614491 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7072 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 199284 B
Eliška => 15382491 B

RecycleBin => 78841661 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-03-2018 22:34:13)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 22:34:13 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Totally gunked-up PC - sends junk out to the network

#8 Post by Conder »

:arrow: How is the PC behaving? Has anything changed?

funkymusic
Exemplary visitor
Posts: 402
Registered: 07 Dec 2004 15:16

Re: Totally gunked-up PC - sends junk out to the network

#9 Příspěvek od funkymusic »

Zdá se svižnější ;)

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Totally trashed PC - sends malware out into the network

#10 Post by Conder »

:arrow: "Velikost slozky "C:\Users\Eliška\Desktop" je 28288 MB."
  • Move all files and folders from the desktop into Documents and leave only shortcuts on the desktop. A desktop that is too large can slow the system down.
:arrow: Just to be safe, create and post new FRST logs.

funkymusic
Exemplary visitor
Posts: 402
Registered: 07 Dec 2004 15:16

Re: Totally trashed PC - sends malware out into the network

#11 Post by funkymusic »

Files moved off the desktop.

Log attached. It seemed to me that the WiFi disconnects on its own, would it be possible to take a look at that as well? :) Thanks a lot
Attachments
FRSTLOG.zip
(21.52 KiB) Downloaded 49 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Totally trashed PC - sends malware out into the network

#12 Post by Conder »

:arrow: The log already looks clean; this looks more like a problem with the WiFi card drivers. Try to find and install the latest WiFi driver from the notebook manufacturer's website (or try checking for updates through Windows Update). Before the installation, run this fixlist first; among other things it creates a restore point.

:arrow: Open Notepad (Win+R -> notepad -> enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    SearchScopes: HKU\S-1-5-21-2733569308-1764321115-1979760206-1001 -> DefaultScope {7E517EFD-CD65-4CC1-A381-37393637315E} URL = 
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts there will be a Fixlog.txt file on the desktop; copy its contents here

funkymusic
Exemplary visitor
Posts: 402
Registered: 07 Dec 2004 15:16

Re: Totally trashed PC - sends malware out into the network

#13 Post by funkymusic »

Hi,
Thanks a lot. Here is the fixlog. The WiFi works fine now, so I'm no longer worrying about it.

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Eliška (26-03-2018 19:33:09) Run:2
Running from C:\Users\Eliška\Desktop
Loaded Profiles: Eliška (Available Profiles: Eliška)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-2733569308-1764321115-1979760206-1001 -> DefaultScope {7E517EFD-CD65-4CC1-A381-37393637315E} URL =
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-2733569308-1764321115-1979760206-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9539846 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 15445797 B
Edge => 0 B
Chrome => 25881075 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 43970 B
Eliška => 5936667 B

RecycleBin => 0 B
EmptyTemp: => 63 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:34:36 ====
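As an added example (not part of this thread, of FRST, or of the helper's own tooling), here is a small Python script that reads a Fixlog.txt of the kind posted above and in post #13, and reduces it to what a helper actually checks: which fixlist entries ran, which targets were removed or moved successfully, which ones failed (for example the "could not remove. Access Denied." left over from the earlier Fixlog), how much temporary data EmptyTemp freed, and whether a reboot was needed. The embedded sample log is constructed after the Fixlogs in this thread; the SID, GUID and registry paths in it are placeholders, not values from the thread.

```python
r"""Summarise a Farbar Recovery Scan Tool (FRST) Fixlog.

Added example for this thread; it is not part of FRST. It walks the
Fixlog.txt that FRST writes after a Fix and reports successes, failures,
EmptyTemp totals and the reboot flag, so leftovers such as
"could not remove. Access Denied." are not missed when reading by eye.
"""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the Fixlogs posted in this thread.
# SID, GUID and registry paths are placeholders, not values from the thread.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-EXAMPLE-1001 -> DefaultScope {EXAMPLE-GUID} URL =
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
"HKU\S-1-5-21-EXAMPLE-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
Chrome => 25881075 B
User => 5936667 B
RecycleBin => 0 B
EmptyTemp: => 39 MB temporary data Removed.

================================

Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\EXAMPLE\TaskCache\Tree\LeftoverTask => could not remove. Access Denied.

The system needed a reboot.

==== End of Fixlog 19:34:36 ====
"""

RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\s*$")   # "<target> => <outcome>"
SIZE_RE = re.compile(r"^(?P<area>[^=]+?) => (?P<bytes>\d+) B$")        # "<area> => <n> B"


@dataclass
class FixSummary:
    fixlist: list = field(default_factory=list)       # entries FRST echoed back from fixlist.txt
    succeeded: list = field(default_factory=list)     # targets reported "... successfully"
    failed: list = field(default_factory=list)        # (target, outcome) for anything else
    temp_bytes: dict = field(default_factory=dict)    # EmptyTemp area -> bytes freed
    needs_reboot: bool = False

    @property
    def temp_total(self) -> int:
        return sum(self.temp_bytes.values())


def parse_fixlog(text: str) -> FixSummary:
    """Walk the Fixlog line by line, switching section on FRST's separators."""
    s = FixSummary()
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "fixlist content:":
            section = "fixlist"
        elif line == "*****************":
            # The first row of stars opens the echoed fixlist, the second closes it.
            section = "fixlist_body" if section == "fixlist" else "results"
        elif line.startswith("=========== EmptyTemp:"):
            section = "emptytemp"
        elif line.startswith("================================"):
            section = "results"
        elif section == "fixlist_body":
            s.fixlist.append(line)
        elif line == "The system needed a reboot.":
            s.needs_reboot = True
        elif section == "emptytemp":
            m = SIZE_RE.match(line)          # the "39 MB ... Removed." summary line does not match
            if m:
                s.temp_bytes[m["area"].strip()] = int(m["bytes"])
        else:
            m = RESULT_RE.match(line)
            if m:
                target = m["target"].strip('"')
                if "successfully" in m["outcome"]:
                    s.succeeded.append(target)
                else:
                    s.failed.append((target, m["outcome"]))
    return s


def report(s: FixSummary) -> str:
    lines = [f"fixlist entries: {len(s.fixlist)}",
             f"succeeded: {len(s.succeeded)}  failed: {len(s.failed)}",
             f"temp data removed: {s.temp_total / 2**20:.1f} MB",
             f"reboot required: {s.needs_reboot}"]
    lines += [f"  FAILED: {t} ({why})" for t, why in s.failed]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_fixlog(SAMPLE_FIXLOG)))
```

Pass the text of a real Fixlog.txt to parse_fixlog() instead of the sample; a non-empty failed list is the cue to look at why the target survived (a task or key still held by a running service, as with the RunCampaignManager entry earlier in this thread) rather than declaring the machine clean.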

funkymusic
Exemplary visitor
Posts: 402
Registered: 07 Dec 2004 15:16

Re: Totally trashed PC - sends malware out into the network

#14 Post by funkymusic »

One more thing I'd like to add that has bothered me for quite a while - slower system response, so I looked in Task Manager and found disk usage permanently at 99%, most of it taken by Windows Modules Installer Worker. Can you please advise me what to do about it? Thanks
Attachments
využití disku.jpg
využití disku.jpg (34.67 KiB) Viewed 2232 times

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Totally trashed PC - sends malware out into the network

#15 Post by Conder »

:arrow: This is a legitimate system process; it usually loads the PC while updates are being downloaded.

:arrow: Open Notepad (Win+R -> notepad -> enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    CMD: sc config "wuauserv" start= auto
    CMD: net stop "wuauserv"
    c:\windows\SoftwareDistribution
    CMD: net start "wuauserv"
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts there will be a Fixlog.txt file on the desktop; copy its contents here
:arrow: Download and run the Windows Update Troubleshooter: https://aka.ms/wudiag
  • Select Windows Update and click Next
  • Wait a moment and then click Try troubleshooting as an administrator
  • Select Windows Update again and click Next
  • Wait for it to finish, restart the PC and report the result
:arrow: Run the system file integrity check:
  • Open Start, type "cmd" (without the quotes), right-click Command Prompt and click Run as administrator
  • Copy and run the command:

    DISM.exe /Online /Cleanup-image /Restorehealth
  • When it finishes, copy and run the second command:

    sfc /scannow
  • After both commands have finished, copy and run this command:

    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt" && copy %windir%\logs\dism\dism.log %userprofile%\desktop\dism.txt
  • The files sfcdetails.txt and dism.txt will be created on the desktop; attach these files to your next post
  • Restart the PC and report how the PC behaves
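As an added example (not part of this thread, of sfc/DISM, or of the helper's procedure), the following Python script triages the sfcdetails.txt that the findstr command in post #15 produces. sfc /scannow tags every line it writes to CBS.log with "[SR]"; the interesting ones are "Cannot repair member file" (corruption sfc could not fix from the component store, which is the case where DISM /RestoreHealth has to run and sfc be repeated), "Repairing corrupted file" (fixed in place) and "Verify complete". The sample lines are constructed in the shape of CBS.log entries; the file and package names in them are placeholders, not findings from this thread.

```python
r"""Triage the [SR] lines that findstr pulls out of CBS.log into sfcdetails.txt.

Added example for this thread, not part of sfc, DISM or the helper's
procedure. Groups the lines into files sfc repaired, files it could not
repair, and completed verify passes, and derives a one-line verdict.
"""
import re
from collections import Counter

SR_RE = re.compile(r"\[SR\] (?P<msg>.*?)\s*$")
# CBS writes names as [l:<len>]"name"; directory parts also carry ml:<len>.
NAME_RE = re.compile(r'\[l:\d+(?: ml:\d+)?\]"(?P<name>[^"]+)"')

# Constructed sample in the shape of CBS.log [SR] entries; file and
# package names are placeholders, not findings from this thread.
SAMPLE_SFCDETAILS = r"""
2018-03-26 20:01:12, Info                  CSI    00000009 [SR] Verifying 100 components
2018-03-26 20:01:13, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2018-03-26 20:01:20, Info                  CSI    0000000b [SR] Cannot repair member file [l:11]"example.dll" of Example-Package, version 10.0.16299.15, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2018-03-26 20:01:21, Info                  CSI    0000000c [SR] Repairing corrupted file [l:23 ml:24]"\??\C:\Windows\System32"\[l:12]"example2.dll" from store
2018-03-26 20:01:25, Info                  CSI    0000000d [SR] Cannot repair member file [l:11]"example.dll" of Example-Package, version 10.0.16299.15, arch amd64, nonSxS, pkt {l:8 b:31bf3856ad364e35} in the store, hash mismatch
2018-03-26 20:01:30, Info                  CSI    0000000e [SR] Verify complete
"""


def parse_sfcdetails(text: str) -> dict:
    """Bucket every [SR] line by the kind of event it reports."""
    found = {"unrepairable": [], "repaired": [], "verify_complete": 0, "other": Counter()}
    for line in text.splitlines():
        m = SR_RE.search(line)
        if not m:
            continue
        msg = m["msg"]
        names = NAME_RE.findall(msg)
        if msg.startswith("Cannot repair member file"):
            found["unrepairable"].append(names[0] if names else msg)
        elif msg.startswith("Repairing corrupted file"):
            # directory comes first, the file itself is the last quoted name
            found["repaired"].append(names[-1] if names else msg)
        elif msg.startswith("Verify complete"):
            found["verify_complete"] += 1
        else:
            found["other"][msg.split(" ", 1)[0]] += 1   # e.g. "Verifying", "Beginning"
    return found


def unrepairable_files(found: dict) -> list:
    """Distinct files sfc gave up on; CBS.log repeats each one per pass."""
    return sorted(set(found["unrepairable"]))


def needs_dism(found: dict) -> bool:
    """True when sfc reported corruption it could not fix from the component store."""
    return bool(unrepairable_files(found))


def verdict(found: dict) -> str:
    if needs_dism(found):
        return ("corruption remains: " + ", ".join(unrepairable_files(found))
                + " (run DISM /Online /Cleanup-image /Restorehealth, then sfc /scannow again)")
    if found["repaired"]:
        return "repaired: " + ", ".join(sorted(set(found["repaired"])))
    if found["verify_complete"]:
        return "no integrity violations"
    return "no completed sfc pass found"


if __name__ == "__main__":
    print(verdict(parse_sfcdetails(SAMPLE_SFCDETAILS)))
```

To use it on a real sfcdetails.txt, read the file (findstr writes it in the console's code page, so decode with errors="replace" if in doubt) and pass the text to parse_sfcdetails(); a verdict that still names files after the DISM step points to a component store the machine cannot repair on its own, which is worth mentioning alongside the Windows Modules Installer Worker disk load.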

Locked